
2009 | OriginalPaper | Book chapter

7. Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

Written by: Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, David Pym, Angela Sasse, Mike Wonham

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.


Footnotes

1. A support proportion of 0.25 means that 1/4 of the total security investment goes towards IT support and the remainder goes towards monitoring.
Metadata
Title: Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security
Written by: Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, David Pym, Angela Sasse, Mike Wonham
Copyright year: 2009
Publisher: Springer US
DOI: https://doi.org/10.1007/978-0-387-09762-6_7
